Buypass Class 2 Certificates

Transcription

1 CERTIFICATE AND CRL PROFILES Buypass Class 2 Certificates PUBLIC Version: Document date: Buypass AS Nydalsveien 30A, PO Box 4364 Nydalen Tel.: kundeservice@buypass.no N-0402 Oslo, Norway Fax: VAT: NO

2 History of changes Version Date Status Description Draft Draft based on Buypass Class 3 doc Approved New chapter: 1.3 Buypass Class 2 SSL certificate profile Approved Changed ocsp URLs for SSL from https to http Buypass AS 2008 TPUBLIC Side 2 av 8

3 Table of content 1 Certificate and CRL profiles Buypass Class 2 certificate profile Buypass Class 2 Enterprise certificate profile Buypass Class 2 SSL certificate profile CRL profile...7 Buypass AS 2008 TPUBLIC Side 3 av 8

4 1 Certificate and CRL profiles 1.1 Buypass Class 2 certificate profile Version X509 version 3 certificates B Serial Unique certificate serial number B number Signature Algorithm sha-1withrsaencryption B sha-1withrsaencryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) Issuer CN=Buypass Class 2 CA 1 O= Buypass AS C=NO Validity notbefore<time> notafter<time> Public Key Info Basic Constraints Authority Key Key Certificate Policies Alternative Name CRL Distribution Point Authority Information Access B 5 } B Lifetime of certificate <= 3 years C=NO B O=<Subscriber Name>- <Subscriber Id> O B Subscriber Id according to Enhetsregisteret. OU=<Subscriber Department> O B CN=< Name> B FirstName + iddlename + LastName SerialNumber= B <BuypassId>: unique Buypass <BuypassId> identifier for Public Key B RSA (min.1024 Bits) Type=End Entity B Path Length Constraint=None Key for the CA public key. N Key for the Public N Key Policy OID= N RFC822Name=< address> Other Name: Principal Name=<UPN> URL=ldap://ldap.prod.buypass.no/dc=Buypass,dc=N O,CN=Buypass%20Class%202%20CA%201?certific aterevocationlist URL= [1]Authority Info Access Access ethod=on-line Certificate Status Protocol( ) Alternative Name: URL= O N address N N User Principal Name Digital Signature, Key Encipherment, Data Encipherment, Key Agreement (0xB8) C Certificate 1 Buypass AS 2008 TPUBLIC Side 4 av 8

5 Extended Card Number Non-Repudiation (0x40) C Certificate 2 O N Reference to smartcard O N id-seis-pe-cn OID: algorithm sha1 1) andatory or Optional field 2) Basic, Critical or Non-Critical extensions 1.2 Buypass Class 2 Enterprise certificate profile Version X509 version 3 certificates B Serial Unique certificate serial number B number Signature Algorithm sha-1withrsaencryption B sha-1withrsaencryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) Issuer CN=Buypass Class 2 CA 1 O= Buypass AS C=NO Validity notbefore<time> Public Key Info Basic Constraints Authority Key Key Certificate Policies B 5 } B Lifetime of certificate <= 3 years notafter<time> C=NO B O=<Subscriber Name> B OU=<Subscriber Department> O B CN=< name> B name as defined by Subscriber (e.g. subscriber name, system name, application name). SerialNumber= B <BuypassId>: unique Buypass <BuypassId> identifier for Public Key B RSA (min.1024 Bits) Type=End Entity B Path Length Constraint=None Key for the CA public key. N Key for the Public N Key Policy OID= N Buypass AS 2008 TPUBLIC Side 5 av 8

6 Alternative Name CRL Distribution Point Authority Information Access RFC822Name=< address> Other Name: Principal Name=<UPN> URL=ldap://ldap.prod.buypass.no/dc=Buypass,dc=N O,CN=Buypass%20Class%202%20CA%201?certific aterevocationlist URL= [1]Authority Info Access Access ethod=on-line Certificate Status Protocol( ) Alternative Name: URL= O N address Principal Name N N Extended algorithm Digital Signature, Key Encipherment, Data Encipherment (0xB0) C Certificate 1 Non-Repudiation (0x40) C Certificate 2 O N sha1 1) andatory or Optional field 2) Basic, Critical or Non-Critical extensions 1.3 Buypass Class 2 SSL certificate profile Version X509 version 3 certificates B Serial Unique certificate serial number B number Signature Algorithm sha-1withrsaencryption B sha-1withrsaencryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) Issuer CN=Buypass Class 2 CA 1 O= Buypass AS C=NO Validity notbefore<time> Public Key Info B 5 } B Lifetime of certificate <=3 years notafter<time> C=NO B O=<Subscriber Name> B According to Enhetsregisteret OU=<Subscriber Department> O B CN=<Domain name> B Domain name owned or controlled by the. SerialNumber=Organization number B According to Enhetsregisteret. Public Key B RSA (min.1024 Bits) Basic Type=End Entity B Buypass AS 2008 TPUBLIC Side 6 av 8

7 Constraints Authority Key Key Certificate Policies CRL Distribution Point Authority Information Access Extended algorithm Path Length Constraint=None Key for the CA public key. N Key for the Public N Key Policy OID= N BP Class 2 CA SSL OID URL= N [1]Authority Info Access Access ethod=on-line Certificate Status Protocol( ) Alternative Name: URL= Digital Signature, Key Encipherment (0xA0) Server Authentication (OID= ) Client Authentication (OID= ) sha1 N C N 1) andatory or Optional field 2) Basic, Critical or Non-Critical extensions 1.4 CRL profile Version X509 version 2 CRL B Signature Algorithm sha-1withrsaencryption B sha-1withrsaencryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) Issuer CN=Buypass Class 2 CA 1 B O= Buypass AS C=NO This Update UTCTime B Time of CRL generation Next Update UTCTime B Latest time the next CRL is Revoked Certificates issued List of revoked certificates O B Present if any certificates are currently revoked Each entry in the RevokedCertificates list has the following content: 5 } Buypass AS 2008 TPUBLIC Side 7 av 8

8 Serial Number Revocation Date Revocation Reason Serial Number of the revoked certificate B UTCTime B Date and time the revocation was registered Reason Code for the revocation O N Buypass AS 2008 TPUBLIC Side 8 av 8